CVE-2023-28398
Last modified
CVE-2023-28398 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. EPSS estimates a 0.89% chance of exploitation in the next 30 days.
Description
Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor who successfully exploits this vulnerability could gain access to the pump controller and cause disruption in operation, modify data, or shut down the controller.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Propumpservice | Osprey Pump Controller Firmware | 1.01 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06Third Party Advisory, US Government Resource
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-28398?
How severe is CVE-2023-28398?
How do I fix CVE-2023-28398?
Are you affected by CVE-2023-28398?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST